1026

Sessions

Speakers

Andrea Jelinek
Chair of the European Data Protection Board (EDPB)
Dr Jelinek has held the position of Chair of the European Data Protection Board since May 2018, and Head of the Austrian Data Protection Authority since 2014.

Dr Jelinek previously was head of the Vienna Foreign Police, followed by a position as Head in the Regional Police Department. Before that, she worked in the Ministry of the Interior as head of department in the legal and legislative department, before being appointed head of a police commissioner's office.

Jelinek started out her career as a consultant for the Austrian Science Fund, and a trainee legal officer at the Austrian Rectors' Conference.
Andrew Stevenson
Senior Privacy & Compliance Manager, Orkla ASA
Andrew is currently the DPO for Orkla ASA, a large branded consumer goods company based in Oslo, with a footprint across the Nordics, Central and Baltic Europe as well as India.

Traditionally hailing from the telco industry, Andrew has a background in compliance management and privacy, and has worked at Vodafone Group in London and Telenor Group in Oslo. However, his path to the ‘privacy’ world has perhaps been a bit non-traditional, as his degree in Geography might suggest!
Anna Eidvall
Partner, MAQS Stockholm
Anna Eidvall specialises in privacy and data protection and has extensive experience on implementation and management of data protection and privacy programs.

Anna works cross-industry and with her solid experience of the old and new data protection regulations, she provides practical and tangible advice on a complex regulatory framework based on the unique conditions of every business.

Anna is an Advokat and Partner at MAQS Advokatbyrå and is heading the firms expert group in privacy and data protection.
Anu Talus
Doctor of Laws, Data Protection Ombudsman, Office of the Data Protection Ombudsman, Helsinki
Anu Talus ((born 1975) studied at the Faculty of Law in the university of Helsinki (LL.M. 2005) and defended there her doctoral thesis “From simply sharing the cage to living together: Reconciling the right of public access to documents with the protection of personal data in the European legal framework” in the year 2019.

She has worked for the Finnish Ministry of Justice since 2007 for example at the Department for Democracy and Public Law. 2019 Anu Talus became the deputy Data Protection Ombudsman and was then appointed to the position of Data Protection Ombudsman in November 2020. During the years 2018 and 2019 Anu Talus also worked at the European Commission, in the Unit for International Data Flows and Protection.
Bjørn Erik Thon
Data Protection Commissioner, Norwegian Data Protection Authority, Oslo
Bjørn Erik Thon was appointed Commissioner and general director in the Data Protection Authority in Norway in May 2010.

Before his appointment, he served as the Norwegian Consumer Ombudsman for ten years. He has also worked as a barrister, a judge deputy and for three years he held the position as head of section in the Consumer Council. In addition to this, he has been involved in politics for several years. He held the position as political adviser for the Minister of Justice during Kjell Magne Bondeviks first government. Furthermore, he was deputy leader of the Social Liberal Party in Oslo, and for several years member of the District Council in Nordre Aker, Oslo.

Thon has published several books. The last one, The American president’s Norwegian daughter, was published in September 2014. He has also written Forbrukerjungelboka ( The Consumer Jungle Book); a consumer guide and has been co-author of a book about Consumer Contracts. From 2000 to2004 he published three crime novels. Thon has been a columnist in several newspapers and magazines.

Thon is 57 years old and lives in Oslo, Norway.
Björn Lundqvist
Associate Professor of Law, Stockholm University
Björn Lundqvist is Associate Professor of Law at the Law Department, Stockholm University. He is the Head of the EU Law Research Group an Director of the European Law Institute.

Björn has published extensively on Competition and IP Law and Innovation related issues. Recent publications are
‘Cloud Service as the ultimate Gate(keeper)’ The Journal of Antitrust Enforcement, Volume 7, Issue 2, July 2019, Pages 220–248; Competition and Data Pools, Journal of European Consumer and Market Law, 2018 Vol. 7(4), 146-155; Standardization for the Digital Economy: The Issue of Interoperability and Access Under Competition Law, The Antitrust Bulletin, 2017, Vol. 62(4) 710-725. Björn has recently been editing one book ‘Competition Law for the Digital Economy’, editor Björn Lundqvist with Michal Gal, ASCOLA Competition Law series Edward Elgar 2019.
Carolina Wallenius
General Manager, Cerner Sverige
Caroline Olstedt Carlström
Partner, Cirio Law Firm and Chair, The Swedish Data Protection Forum
Caroline has +20 years of experience in international data protection and has served as legal and strategic advisor to companies within IT, media, telecommunications, energy, finance and biotech sectors.

During five years she served as Vice President Privacy at Klarna Bank with global responsibility for Klarna group’s data protection strategy and compliance and managing its Global Privacy Office.

Today she is partner of Cirio Law firm, heading up Cirio’s Data Privacy & Information Security Practice. Caroline is chairman of the Swedish Data Protection Forum (Forum för dataskydd), has during two years been a member of IAPP's European Advisory Board, coordinator of Cloud Sweden Legal, and is involved in several industry data protection advocacy efforts, working groups and task forces, for instance ICC’s national committee for Digital Economy.

She is also a frequent speaker at various Swedish and international conferences and events on data privacy topics. Caroline's broad experience in data privacy covers a wide range of operational, compliance, regulatory, strategic and policy matters.
Claire Quinn
Chief Privacy Officer, CIPP/E, PRIVO
Claire Quinn has more than 20 years’ experience first in traditional print media and then in the online and digital space working closely with major child directed brands and online services, supporting on both safety and privacy issues.

She is an expert with a proven track record in children's online privacy including COPPA and GDPR compliance and has worked closely with regulators and organizations in the child privacy space. Claire has also worked with law enforcement in the US and CEOP (Children’s Online Protection Agency) in the UK.

At PRIVO, Claire works closely with major child directed brands, third party service providers, moderation companies, regulators and agencies on their privacy compliance as it relates to children. She has supported such companies as PBS KIDS, Roald Dahl Story Company, Beano, Elf on the Shelf, Cricket Media, and more helping them to build their brands in a safe and privacy enhanced way.
Daniel Melin
Cloud and Datacenter strategist at Swedish Tax Authority (Skatteverket)
Daniel Melin works as a strategist at the Swedish Tax Agency, focusing on cloud computing and governmental IT services.

Daniel currently has the governmental assignment to participate in the ENISA working group regarding cyber security certification of cloud services. Daniel is also the head of the Tax Agency’s governmental assignment to evaluate the European project Gaia-X.

Daniel’s has a background from both the it-industry and the public sector since 1990.
Daniel Westman
Independent Legal Advisor and Researcher, Copenhagen
Daniel Westman is one of Sweden's leading experts in ICT law and media law.

He has worked with data protection law for over 20 years.

Daniel is an independent advisor, teacher, and researcher. He has served as an expert on many government committees, e.g., the Data Protection Committee.
David Jacoby
Deputy Director, European Global Research & Analysis Team, Europa, Kaspersky
David Törngren
Director for Legal Affairs
Joined the Swedish DPA (IMY) in 2020.

Previously at the Ministry of Justice (Division for Constitutional Law) and Swedish Courts.
Egil Bergenlind
Founder, DPOrganizer
Egil is the founder of DPOrganizer, a privacy management company based in Sweden.

Egil got the idea for DPOrganizer when he was working as a DPO and Chief Compliance Officer at iZettle, a financial technology company.

Since launching DPOrganizer, the company has gained customers in 20 countries and has been featured in Wired as one of Europe’s hottest startups. Egil holds an LLM from Uppsala University and also received the ”Legal Innovator of the Year” award in 2016 from industry media site Legaltech.
Eleonor Duh
Director Technology, Outsourcing and Privacy, Fieldfischer
Eleonor Duhs was a senior lawyer at the Department for Exiting the European Union.  She was the lead lawyer on the core provisions on the European Union (Withdrawal) Act 2018 and led on aspects of the EU-UK Withdrawal Agreement and the Framework for the Future EU-UK relationship.  She negotiated the General Data Protection Regulation for the UK Government and was a senior lawyer in the EU law team in the Foreign, Commonwealth & Development Office.

She is currently a Director (Barrister) at Fieldfisher LLP where she advises governments, public sector bodies and businesses on data protection and the UK's post-Brexit legal landscape.  She regularly speaks at national and international conferences. She is the co-author of Retained EU Law: A practical guide, published by the Law Society, London.
Erik Enocksson
Enterprise Architect at the Swedish Transport Administration (Trafikverket)
Erik Enocksson works as a IT Enterprise Architect at the Swedish Transport Administration, in that role Erik is primarily focusing on strategic end user solutions and cloud computing.

Erik is involved in several governmental collaborations such as eSam and remm.se.

Erik is currently part of the Swedish Transport Administration’s cloud-, IT architect and IT decision boards. Erik has worked with IT and strategic IT since 1995 mostly within the public sector
Eva Jarbekk
Partner, Schjødt, Oslo
Eva has over 20 years experience with legal tech and digitalization processes, and the belonging cyber security and privacy issues.

She heads Schjødt's privacy department and has written several books on privacy and been the member of several governmental privacy committees and is former chair of the Norwegian Privacy Appeal Court.

Eva's got a pragmatic and hands-on approach to legal technical issues and believes that privacy is a very important legal field because it does not only deal with how to set a value on a company, but also with what kind of society we are developing and basic democratic principles.
Filip Johnssén
Data Protection Officer at Klarna
Filip Johnssén is a board member of the Swedish Data Protection Forum.

He is currently the Data Protection Officer at Klarna, the biggest private held bank in Europe. He is founder and co-host of the privacy podcast, Dataministeriet, and he has written two books about data protection.
Fredrik Schöllin
DPO Inera AB, Stockholm
Works since 2017 at Inera AB, Stockholm and has been DPO since May 2018.

Lives in Norrköping. Former x-ray nurse with interest and knowledge in patient safety and investigation and analysis of deviations and undesirable, avoidable events in healthcare organizations.
Ian Evans
Managing Director, EMEA | OneTrust
Ian Evans serves as Managing Director for EMEA at OneTrust, the largest and most widely used technology platform to operationalise privacy, security, data governance, and compliance programs.

Ian is a diversified senior executive with 20+ years of experience in data privacy and CRM technology applications and services.

In his role, Ian supports thousands of multi-national brands across the European, Middle Eastern, and African regions, leading the delivery of technology solutions to secure and privatize customer and employee personal information under new privacy and security regulations.

Prior to OneTrust, Ian served as Vice President and Managing Director for EMEA at AirWatch (acq. by VMware in 2014 for $1.54B). AirWatch now serves more than 20,000 global customers and is recognized as the undisputed market leader in enterprise mobility management.
Jaap-Henk Hoepman
Associate Professor Computer Science, University of Nijmegen and University of Groningen, The Netherlands
Jaap-Henk Hoepman (1966) is associate professor at the Digital Security group of the Radboud University, Nijmegen, the Netherlands, working for the iHub, the interdisciplinary research hub on Security, Privacy, and Data Governance.

He is also an associate professor in the IT Law section of the Transboundary Legal Studies department of the Faculty of Law of the University of Groningen. Moreover he is a principal scientist (and former scientific director and co-founder) of the Privacy & Identity Lab. He is a columnist for the Financieele Dagblad (FD, a major Dutch newspaper) and a regular guest on the Dutch national radio news show Nieuws en Co.

He studies privacy by design and privacy friendly protocols for identity management and the Internet of Things. He speaks on these topics at national and international congresses and publishes papers in (inter)national journals. He also appears in the media as security and privacy expert, and writes about his research in the popular press. He is actively involved in the public debate concerning security and privacy in our society.

Jaap-Henk Hoepman’s new book "Privacy Is Hard and Seven Other Myths -- Achieving Privacy through Careful Design" is coming out in October 2021.
Jennie Nilsson
Partner, DLA Piper
Jennie Nilsson specializes in Data Privacy and Information Security.

She heads DLA Piper's Data Privacy and Information Security practice group in Sweden. Jennie provides advice relating to all GDPR/privacy and information security-related matters and assists clients with commercial contracts and public procurement.
JoAnn C. Stonier
Chief Data Officer, Mastercard
JoAnn C. Stonier serves as Chief Data Officer for Mastercard, leading the organization’s data innovation efforts while navigating current and future data risks.

She oversees the curation, quality, governance and management of the company’s extensive data assets. JoAnn and her team design and operationalize Mastercard’s global data strategy, guiding enterprise deployment of cutting-edge data solutions, including advanced analytics and AI, and the development of enterprise data platforms.

Her leadership is integral to Mastercard’s push to deepen the strategic value it can provide its merchant, banking and government customers and cardholders through its expanding data-driven products and capabilities.

JoAnn previously served as the company’s Chief Information Governance & Privacy Officer, responsible for global privacy and information governance, and leading regulatory engagement for data compliance.

JoAnn is a recognized and highly sought-after thought leader in emergent data and privacy issues. She has advised industry executives, governments, intergovernmental organizations and NGOs. Currently, she serves on the United Nations Expert Group on Governance and Artificial Intelligence and is Co-Chair of the World Economic Forum’s Global Future Council on Data Policy.

JoAnn also serves as a Board Advisor for Truata, a data trust co-founded by Mastercard and IBM, on the Board of Directors and Governance Committee for Hope For The Warriors, a non-profit Veteran service organization, and on the Board of Trustees and Executive & Finance Committees for Academy of Mount St. Ursula, where she attended high school in Bronx, New York.

JoAnn received her Juris Doctorate from St. John’s University and her Bachelor of Science degree from St. Francis College. She holds memberships in the Bar of the State of New York and the Bar of the State of New Jersey. She is based in Purchase, N.Y.
Johan Sundberg
Partner, edpLaw
Johan has over 20 years of experience working as a lawyer in the field of data privacy & data protection law, and employment law.

He is one of the most recognised lawyers in the area of data privacy & data protection law in Sweden, being ranked as one of the four leading lawyers by Legal500 and always well-regarded for assisting clients with his business insights and proactive approach.
Johan Thörn
Co-founding partner, edpLaw Advokatbyrå
Johan is a co-founding partner of edpLaw Advokatbyrå, a boutique law firm based in Stockholm, Sweden, specialized in employment and data protection (GDPR) law.

Johan has more than 10 years of experience advising clients on data protection issues and he regularly holds courses and seminars in this area.
John Bowman
Senior Principal, Promontory Financial Group, London
John is a senior principal in IBM Promontory's privacy and data protection team.

John advises clients on all aspects of compliance with data protection laws and regulations.

Prior to joining Promontory, John worked at the UK Ministry of Justice where he was the government’s lead negotiator on the EU General Data Protection Regulation. This work involved leading the UK delegation to the Council of the European Union’s DAPIX expert working group in Brussels, developing the government’s policy position on the GDPR, engaging with a wide range of stakeholders and advocates, and regularly briefing ministers.

John also represented the UK at the European Commission's Article 31 Committee, which was responsible for determining the adequacy of non-EU data-protection regimes. He earlier represented the U.K. government in negotiations on reviewing The Hague Conventions on International Child Abduction and led the government’s outreach to domestic Muslim communities on issues related to family law.”
Karin Lönnheden
Chief of Staff, Swedish Authority for Privacy Protection, IMY
Karin Lönnheden is Chief of Staff at the Swedish Authority for Privacy Protection, IMY, since 2018.

She has spent most of her prior career in Swedish law enforcement, including the Swedish Economic Crime Authority, the Swedish Security Service and the Ministry of Justice.
Karl-Fredrik Björklund
Partner Wikström & Partners
Karl-Fredrik Björklund, lawyer and partner at the law firm Wikström & Partners, frequently works with matters relating to data protection and IT-law.

Karl-Fredrik has more than seventeen years’ experience of practical work regarding matters of data protection, as well as giving lectures on this topic. Karl-Fredrik is DPO and advisor on data protection matters for several large organizations.

Lastly, Karl-Fredrik is vice chairman of Swedish Data Protection Forum.
Leena Kuusniemi
Legal Advisor for technology and content industries
Before founding Leegal Oy in Finland, Leena Kuusniemi has worked in Legal departments of Rovio and Nokia supporting strategic technology licensing, IP, mobile advertising and global privacy, data security and regulatory matters.

Leena is a Visiting Fellow at the European Centre on Privacy and Cybersecurity (Maastricht University) lecturing regularly. She has attended several EU Commission Working Groups: data protection, consumer rights and technology platform issues.

She has her qualification degree from the University of Helsinki and an additional LL.M. (Law and Information Technology) from the University of Stockholm and has attended Harvard Law School’s Internet Law course in 2001.
Leonardo Cervera Navas
Director at the European Data Protection Supervisor (EDPS)
Leonardo Cervera Navas is the Director of the Office of the European Data Protection Supervisor (EDPS), the Data Protection Authority of the EU.

Law graduate of the University of Málaga and master’s degree in European Law from the University of Granada (Spain). He was a fellow at Duke University in North Carolina (US) as part of the EU Fellowship Programme of the European Commission. He also holds a post-graduate diploma in HR management by Kingston University (UK).

He is Member of the Malaga Academy of Sciences (correspondent in Brussels). Leonardo joined the European Commission in 1999 and since then he has been working in the Data Protection field in the EU institutions. In 2010, he joined the EDPS, as Head of the Human Resources, Budget and Administration Unit and he was appointed Director in 2018. As Head of the Secretariat, he is a member of the Management Board of the EDPS, responsible for advising on data protection law and policy, and he is in charge of the coordination and implementation of the strategies and policies of the institution.
Magnus Bergström
IT- och informationssäkerhetsspecialist, IMY
Magnus Bergström, for more than 16 years an IT and information security specialist at, and also coordinator for, the Information Security Function at the Unit for information security and supervision process at the Swedish Data Protection Authority, IMY, is originally a data and systems scientist (within security informatics) and takes a special interest in "appropriate measures" as well as the communication and collaboration between lawyers and technicians.
Maria Holmström Mellberg
Nordic Data Privacy and Information Security Lead, Accenture and Swedish Data Protection Forum board member
I am Accenture’s Data Privacy and Information Security Lead (DPISL) for the Nordics and as such I act as part of the extended Accenture Data Protection Officer’s (DPO) and Chief Information Security Officer´s (CISO) Global Networks within the Nordic market unit ie Denmark, Finland, Latvia, Lithuania, Norway, Sweden.

I provide oversight, leadership reporting and strategic direction for local Data Privacy and Information Security.

I joined Accenture in February 2020 and come from a position as Senior Legal Counsel at Cirio Law firm in Stockholm where I focused mainly on data privacy, information security, governance, risk and compliance and financial regulations. I previously held the position as Group Privacy and GDPR Lead at Nordea Group, and leading up to that various positions around risk, insolvency, business development and sales across Nordea.

I am currently on the board of The Swedish Data Protection Forum, the largest Nordic Data Privacy network. I am a lawyer (L.L.M) out of Uppsala university.
Maria Wasastjerna
Partner, LL.D - Hannes Snellman
Maria Wasastjerna, LL.D. is a Partner at Hannes Snellman in Helsinki.

She advises Finnish and international companies on all aspects of competition law, specialising in regulatory legal and compliance matters, as well as in competition litigation and M&A transactions.

Prior to joining Hannes Snellman, Maria gained several years of experience as an in-house lawyer in global corporations, most recently as a lead counsel for global competition law and policy at Nokia Corporation.

Maria also has working experience from the Finnish startup environment, and from the EU and US competition regulators in Brussels and Washington, DC.
Marit Hansen
State Data Protection Commissioner of Schleswig-Holstein, Germany
Since 2015 Marit Hansen has been the State Data Protection Commissioner of Land Schleswig-Holstein and Chief of Unabhängiges Landeszentrum für Datenschutz (ULD).

Before being appointed Data Protection Commissioner, she had been Deputy Commissioner for seven years. Within ULD she established the “Privacy Technology Projects” Division and the “Innovation Centre Privacy & Security”.

Since her diploma in computer science in 1995 she has been working on privacy and security aspects. Marit's focus is on “data protection by design” and “data protection by default” from both the technical and the legal perspectives. She often gives talks and has been lecturing at various universities and academies.

Marit was member of the Data Ethics Commission of the German Government. Her contribution to education and research on privacy-enhancing technologies has awarded her an honorary doctorate from Karlstad University, Sweden.
Michael Hopp
Partner, Plesner, Copenhagen
Michael Hopp is a partner in Plesner's Corporate and Compliance team and head of Plesner's Data Protection team.

Michael Hopp was one of the first lawyers in Denmark to specialise in the area of data privacy and data protection. He has worked with data protection for more than 15 years and has long ago become a key player and a household name on the Danish data protection scene. Michael advises a number of the most significant Danish and multinational companies across industries and has been heading the GDPR preparations for most of the clients.

Michael also advises clients on data protection compliance projects, international data transfers, whistle blower hotlines, privacy policies for customers or employees, employee monitoring and data protection issues in relation to US Discovery.

In the area of marketing Michael has deep knowledge about data-driven marketing. In his work, Michael focuses particularly on the commercial gains to be made from the use of data-driven marketing.
Michael Kallens
US Privacy Lead, Nasdaq
Nicholai Pfeiffer
Managing partner at White Label Consultancy, Copenhagen
Nicholai Pfeiffer is the managing partner of White Label Consultancy. He has extensive experience from technology, corporate governance and digital transformation.

From 2014 to 2019 he was the chief privacy officer for Telenor Group, where he spearheaded the Telenor's GDPR readiness compliance efforts and managed their global data protection programme in both Europe and Asia.

After working nearly two decades in-house as General Counsel and Chief Privacy Officer, in 2019 he founded White Label Consultancy.

He has advised a number of global corporations on the operationalisation of data protection, and continues to do so.
Niclas Skyttberg
Chief Medical officer, Aleris Group
Pål Resare
The Swedish Association of Local Authorities and Regions (SALAR/SKR)
Pål Resare, is a graduate of the University of Stockholm and is now a senior legal counsel at the Swedish Association of Local Authorities and Regions (SALAR).

A specialist in medical law, medical device and medicinal products law, who is also currently working with various projects related to data protection and IT-law. Pål has been in his field of expertise for almost twenty years and has worked at several government agencies for almost twenty years.
Pan Xuan
CEO and founder of Privacy1
Pan Xuan. CEO and founder of Privacy1, a startup that provides data compliance services and help businesses stop data breaches.

He is the original team member of Spotify privacy team. After spent 15+ year on product & engineering that involves work of mobile development in both android and iOS, backend systems that scales to hundreds of millions of users, and big data analytics that ingest tens of millions data records/s.

He is now focused on how to deal with the second order effect of digitisation.
Patrick Breyer
(Pirate Party), Member of the European Parliament (MEP)
Dr. Patrick Breyer is a jurist and Member of the European Parliament with the European Pirates, members of the Greens/European Free Alliance Group.

As a member of the Committee for Civil Liberties and Home Affairs and of the Legal Committee, his political work concentrates on safeguarding fundamental rights in the digital age, particularly with regard to privacy, citizen participation and democracy.

From 2012 to 2017, he was a member of the Schleswig-Holstein State Parliament for the Pirate Party, and temporarily chaired the parliamentary group. Moreover, he is a long-term activist in the civil liberties movement for consumer and citizen rights. Accordingly, he is a member of the NGO Arbeitskreis Vorratsdatenspeicherung (Working Group on Data Retention) and author of the blog ‘Daten-Speicherung.de – minimum data, maximum privacy.
Rob van Eijk
Managing Director for Europe, Future of Privacy Forum
Dr. Rob van Eijk serves as the Future of Privacy Forum’s Managing Director for Europe.

In this role, van Eijk implements FPF’s agenda in Europe, overseeing its day-to-day operations. Prior to serving in this position, Rob worked at the Dutch Data Protection Authority (DPA) for nearly 10 years.

Rob is a technologist with an M.Sc. from the Leiden Institute of Advanced Computer Science of Leiden University, and a Ph.D. from Leiden Law School, focusing on online advertising (real-time bidding).
Rose-Mharie Åhlfeldt
Associated professor at University of Skövde, Sweden
Rose-Mharie Åhlfeldt is an assistant professor in information technology at the University of Skövde.

She educates and does research in information security and health informatics and, in addition to academic courses, also holds commissioned training for companies and the public sector. Her research focuses on the development and evaluation of methods and tools for systematic information security work, secure and efficient information management in health care as well as privacy-related issues.

She is also the coordinator for the collaborating platform PICS (Privacy, Information Security and Cyber Security at the University of Skövde.

In addition to leading and implementing research projects within the academy, she also participates in the Swedish standardization work on the ISO/IEC 27000 family via SIS TK318. She is a participant in the Region of Västra Götaland’s Digitalization Council. Rose-Mharie has also participated in the working group to develop new methodological support for systematic information security work at the Swedish Civil Contingencies Agency.

She has been a member of the board of the Forum for Data Protection since 2015.
Sara Övreby
Public Policy and Government Relations Manager, Google Sweden
Sara Övreby is Head of Public Policy at Google in Sweden.

She has a strong commitment to society and works to reduce the gap between technology and politics. Since 2020, she has chaired the International Chamber of Commerce's (ICC) Committee on Digital Economy.

Sara has a background as a political adviser in the European Parliament where she worked for Christofer Fjellner, and as a press secretary for Lena Adelsohn Liljeroth in the Government Offices.

Prior to joining Google, Sara worked as Global Public Affairs Manager at Scania.
Sjoera Nas
Senior Privacy Adviseur, Privacy Company, Haag, The Netherlands
Sjoera Nas is a senior privacy consultant at the Dutch privacy consultancy firm Privacy Company.

She has worked for almost 12 years as an internet and telecom expert for the Dutch Data Protection Authority. She was the lead investigator of many national and international investigations, including Google, Facebook and Microsoft. She has been rapporteur or co-rapporteur of many opinions of the Article 29 Working Party on Internet and Technology.

In May 2018, she moved to Privacy Company. She acts as an external Data Protection Officer for a number of organisations in the private and public sector, and has had the opportunity to conduct several Data Protection Impact Assessments.

Her extensive DPIA reports for the Dutch government on all kinds of data processing by Microsoft (Windows, Office365, Intune and Double Key Encryption) and Google (Workspace) are publicly available via the central government website (https://slmmicrosoftrijk.nl/downloads-dpias/ ).
Susanne Lindeberg
Group Privacy Officer, ICA Gruppen
Steve Badger
Co-founder and VP of Privacy1
Steve Badger is one of the co-founders of Privacy1.

He is a highly engaging speaker, passionate about making good privacy accessible for all organisations and has a wealth of experience in the Privacy industry as well as over 20 years in building technology solutions for customers.
Tobias Bräutigam
Senior Counsel at Bird & Bird
I am Senior Counsel at Bird & Bird and the head of our Privacy and Data Protection group in Helsinki, where I advise our local and international clients on complex privacy issues.

As a leading European expert on data protection, my practice offers detailed privacy advice on a range of matters including the development of new products and services, the review and negotiation of contracts, and the drafting of policies and review of campaigns. I also advise our clients on Finnish and international GDPR projects, including the implementation of global data management strategies, international data transfers and local data protection compliance.

Before joining the team at Bird & Bird in 2016, I was a senior legal counsel at Microsoft and Nokia in a global privacy role, heading the Microsoft Mobile privacy programme, among others. This senior in- house experience, lasting over eight years, has provided me with unique, insider knowledge of our clients' needs, and included advising on all matters of privacy compliance, with privacy impact assessments, guideline drafting as well as incident handling.

I have served on the European Advisory Board of the International Association of Privacy Professionals and co-chair the Cambridge Privacy Forum, a conference for senior privacy professionals. As a Docent of Information Law at two universities, I also contribute to privacy publications on data protection issues. I am the first and still one of the few Finnish legal practitioners to have been accepted as a Fellow of Information Privacy (FIP) by the International Association of Privacy Professionals.
Tobias Judin
Head of International, Norwegian Data Protection Authority
Tobias is Head of International at the Norwegian DPA.

He is Norway's top-level representative to the European Data Protection Board and also responsible for cross-border cases and cases regarding international transfers at the DPA.

In addition to being a lawyer, Tobias holds a degree in informatics and a degree in China studies.

Sponsors

Detailed Schedule

Full Schedule

September 27th-28th 2021
DAY 1 - Monday 27 September

08:30 - 08:45
Welcome to the NPA!
- Caroline Olstedt Carlström, Partner Cirio law firm, and Chair Swedish Data Protection Forum

Welcome to the NPA! Data protection and privacy – more important than ever!

08:45 - 09:10:00
Keynote - Sara Övreby
- Sara Övreby, Public Policy and Government Relations Manager, Google Sweden

Global developments and trendspotting

09:15 - 09:40
Keynote - Leonardo Cervera Navas
- Leonardo Cervera Navas, Director of the Office of the EDPS, the Data Protection Authority of the EU

Addressing Artificial Intelligence from the EDPS perspective

09:45 - 10:20
Hacked?
- Maria Holmström Mellberg, Data Privacy and Information Security Lead for the Nordic MU, protective security officer Accenture AB Accenture

Hacked? Spotlight on cyber risks and privacy harms - does every organization now need their own cyber soldier or how can we prepare?

10:45 - 11:30
How digitalization is affecting competition and vice versa
- Maria Wasastjerna, Hannes Snellman, Helsinki, moderator
- Sara Övreby, Public Policy and Government Relations Manager, Google Sweden
- Johan Thörn, edpLaw, Stockholm
- Professor Björn Lundqvist, Associate Professor of Law, Stockholm University
- Jennie Nilsson, Partner, DLA Piper, Stockholm

The digital transformation is changing business models, production methods, distribution, and the way businesses compete. How do we maintain the competitive conditions in the data driven economy and how do we protect the personal integrity?

11:35 - 11:55
Privacy is hard
- Jaap-Henk Hoepman, Associate Professor Computer Science, Radboud University and IT Law, University of Groningen.

Achieving Data Privacy through careful design.

12:00 - 12:30
Suitable tools for digital collaboration in the public sector
- Daniel Melin, Swedish Tax Authority/Skatteverket
- Erik Enocksson,Swedish Transport Administration/ Trafikverket

What does the market look like? Do we really need American hyperscalers?

13:15 - 13:25
Team Rynkeby – an important contribution

Swishnummer: 1235 70 30 20

13:30 - 13:45
Eleven years of successful data privacy focus
- Bjørn Erik Thon, Data Protection Commissioner, Norwegian Data Protection Authority, Oslo

13:50 - 14:35
Trend spotting from a DPA perspective
- Daniel Westman, Independent advisor, teacher, and researcher, Sweden moderator
- Andrea Jelinek, European Data Protection Authority, Chair
- David Törngren, Swedish DPA
- Bjørn Erik Thon, Norwegian DPA
- Anu Talus, Finnish DPA
- Marit Hansen, Schleswig-Holstein DPA, Germany

the DPA Panel

14:40 - 15:15
A year in Data Privacy
- Daniel Westman, Independent advisor, teacher, and researcher, Sweden

Data Privacy news update

15:45 - 16:30
Managing cross-border data transfers
- Nicholai Kramer Pfeiffer, Managing Partner at Whitelabel Consultancy, Copenhagen, moderator
- Tobias Judin, Head of International, Norwegian Data Protection Authority, NO
- John Bowman, Senior Principal, Promontory Financial Group, London
- Michael Kallens, US Privacy Lead, Nasdaq
- Andrew Stevenson, Senior Privacy & Compliance Manager, Orkla
- Susanne Lindeberg, Group Privacy Officer, ICA Gruppen

following the Schrems II decision and other developments

16:35 - 17:05
Responsible data practices
- Joanne Stonier, Chief Data Officer, MasterCard

Responsible data practices that assist in improving data quality, data products and in avoiding harms.

17:15 - 17:35
Cookies and stuff
- Michael Hopp, Attorney-at-Law, partner, Plesner Law Firm - Privacy & Data Protection, Denmark

How long must we wait, and what do we do in the meantime?

17:40 - 18:20
Algorithmic marketing and profiling
- Moderator Rob van Eijk, Managing Director for Europe, Future of Privacy Forum
- Anu Talus, Doctor of Laws, Data Protection Ombudsman, Office of the Data Protection Ombudsman, Helsinki
- Michael Hopp, Partner, Plesner, Copenhagen
- Anna Eidvall, Partner, MAQS, Stockholm
- Patrick Breyer, Dr. Patrick Breyer (Pirate Party), Member of the European Parliament (MEP)

Are crumbles all that remains of the cookies?

18.20
Thank you for today!
- Caroline Olstedt Carlström, Partner Cirio law firm, and Chair Swedish Data Protection Forum

DAY 2 - Tuesday 28 September

08:30 - 08:35
Welcome to Day 2
- Caroline Olstedt Carlström, Partner Cirio law firm, and Chair Swedish Data Protection Forum

08:35 - 9:05
Keynote - Andrea Jelinek
- Andrea Jelinek, European Data Protection Authority, Chair

A keynote on the EDPB impact on European Data Protection law, not the least in relation to the important discussions on future transatlantic data flows

09:10 - 9:35
Case study: The AWS fine
- Eva Jarbekk, Partner, Schjødt, Oslo

The AWS fine – lessons to learn?

09:40 - 10:05
For every organisation and school that uses Google Workspace services
- Sjoera Nas, Senior Privacy Adviseur, Privacy Company, Haag, The Netherlands

a presentation of a Dutch DPIA project

10:05 - 10:40
What about the children?
- Leena Kuusniemi, Legal Advisor for technology and content industries, Helsinki moderator
- Claire Quinn, Chief Privacy Officer, PRIVO
- Jaap-Henk Hoepman, Associate Professor Computer Science, Radboud University and IT Law, University of Groningen
- Sjoera Nas, Senior Privacy Adviseur, Privacy Company, Haag, The Netherlands

Conforming to age appropriate design; in gaming, in school and elsewhere

11:15 - 12:10
Data protection and information security in the healthcare industry
- Rose-Mharie Åhlfeldt, Associated professor at University of Skövde (moderator)
- Niclas Skyttberg, CMO, Aleris
- Carolina Wallenius, General Manager, Cerner Sweden
- Tobias Bräutigam, Senior Counsel at Bird & Bird, Helsinki
- Pål Resare, the Swedish Association of Local Authorities and Regions (SALAR/SKR)
- Anu Talus, Finnish DPA

a panel on recent developments with representatives from all sides. Where do we go from here?

12:15 - 12:40
And the unavoidable
- Eva Jarbekk, partner Schjødt
- Marit Hansen, Schleswig-Holstein DPA, Germany

Employee data and pitfalls, new Norwegian guidelines and other interesting contributions to the landscape

13:30 - 13:55
How does zero trust privacy secure personal data?
- Steve Badger, co-founder and VP, Privacy 1
- Pan Xuan, co-founder, Privacy 1

Let’s talk about the concept of zero trust privacy and the practical problems it can solve

14:00 - 14:40
Brexit
- John Bowman, UK, moderator
- Eleonor Duhs, Fieldfisher

UK transfer ambitions and adequacy

15:10 - 15:20
The importance of access to peers and a professional community
- Egil Bergenlind, Founder, DPOrganizer

15:25 - 16:05
Same same but different
- Maria Holmström Mellberg, Accenture moderator
- Marit Hansen, Data Protection Commissioner of Land Schleswig-Holstein and Chief of Unabhängiges Landeszentrum für Datenschutz (ULD)
- Michael Hopp, Partner, Plesner, Copenhagen
- Leena Kuusniemi

Managing, understanding and talking about the risk for the individual, for the organisation and for us all.

16:10 - 16:50
Interacting with the data protection agencies
- Eleonor Duhs, Director Technology, Outsourcing and Privacy, Fieldfisher, London, Moderator
- Fredrik Schöllin, DPO, Inera
- Magnus Bergström Swedish DPA
- Filip Johnssén, Data Protection Officer, Klarna Bank
- Johan Sundberg, Partner, edpLaw

voices from the trenches

16:55 - 17:25
Today’s data protection state of mind
- Tobias Bräutigam, moderator
- Ian Evans, Managing Director, EMEA, OneTrust
- Karin Lönnheden, Swedish DPA, IMY
- Caroline Olstedt Carlström, Partner Cirio law firm, and Chair Swedish Data Protection Forum
- Karl-Fredrik Björklund, Partner Wikström & Partners and deputy chair, Swedish Data Protection Forum

Where are we and what do we need?

17:25 - 17:30
Concluding NPA 2021
Caroline Olstedt Carlström, Partner Cirio law firm, and Chair Swedish Data Protection Forum